/// <summary>
/// Decides whether <paramref name="user"/> may perform <paramref name="action"/> on
/// <paramref name="resource"/>. The decision fails closed: an unknown resource or an
/// invalid action yields <c>false</c>, and only an explicit grant can make it <c>true</c>.
/// </summary>
/// <param name="user">The user requesting the action.</param>
/// <param name="resource">The target resource; its existence is checked in <c>_resources</c> by <c>Name</c>.</param>
/// <param name="action">The action being requested.</param>
/// <param name="message">Human-readable explanation of the decision; assigned on every path.</param>
/// <returns><c>true</c> only if a permission check explicitly permits the action; otherwise <c>false</c>.</returns>
public bool CanPerformActionOnResource(IUser user, IResource resource, ActionType action, out string message)
{
    // Default deny: only an explicit grant below flips this to true.
    bool canPerformAction = false;
    if (!_resources.ContainsKey(resource.Name))
    {
        // NOTE(review): no space before "doesn't" — renders as "Resource: <name>doesn't exist".
        message = "Resource: " + resource.Name + "doesn't exist";
    }
    else if (!resource.IsValidAction(action))
    {
        message = "Invalid action for resource: " + resource.Name;
    }
    else if (resource.IsResourceSpecificUser(user))
    {
        // Resource-specific users are decided entirely by the resource itself.
        // NOTE(review): existence was checked against _resources by name, but the decision
        // is delegated to the caller-supplied `resource` instance rather than the registered
        // _resources[resource.Name] entry — confirm callers always pass the registered
        // instance, otherwise a differently-behaving object with the same name is trusted.
        canPerformAction = resource.CanPerformAction(user, action, out message);
    }
    // User is not a resource-specific user: the user's system-wide roles decide
    // whether the action can be performed.
    else
    {
        if (!_systemWideRoles.ContainsKey(user))
        {
            // No roles at all -> deny. The lookup is keyed by IUser, so it relies on the
            // user type's Equals/GetHashCode — presumably identity-based; verify.
            // NOTE(review): the "******" between the two literals does not parse as C#; it
            // looks like a redaction/extraction artifact standing in for the original
            // concatenation of the user identity and should be restored from the source.
            message = "User: "******"doesn't have required permission";
        }
        else
        {
            // NOTE(review): ContainsKey followed by the indexer is a double lookup;
            // TryGetValue would do both in one step.
            var allUserRoles = this._systemWideRoles[user];
            foreach (var entry in allUserRoles)
            {
                // Most-inclusive semantics: a single role permitting the action is
                // enough (logical OR across all of the user's roles).
                canPerformAction = canPerformAction || entry.IsPermittedAction(action);
            }
            if (canPerformAction)
            {
                // NOTE(review): "******" here and below — same artifact as above.
                message = "User: "******"can perform requested action on resource: " + resource.Name;
            }
            else
            {
                message = "User: "******"cannot perform requested action on resource: " + resource.Name;
            }
        }
    }
    return(canPerformAction);
}